ws-sx message

Subject: Re: [ws-sx] Issue PR020: Provide mechanism to specify signing or encryption of SwA (SOAP Messages with Attachments)

From: Frederick Hirsch <frederick.hirsch@nokia.com>
To: ext Jan Alexander <janalex@microsoft.com>
Date: Mon, 19 Feb 2007 16:28:16 -0500

Attached is red-lined proposal for issue PR020 in Word and PDF.

The proposal contains three changes:

1) Add references to WSS 1.1 SwA Profile and SwA in normative  
references section (lines 157 and 235 in PDF)

2) Add definition of SignedParts/Attachment element to end of 4.1.1  
(line 449 pdf) and add  <sp:Attachments />? to syntax box (line 421  
pdf).

3) Add definition of EncryptedParts/Attachment element to end of  
4.2.1 (line 530 pdf) and add  <sp:Attachments />? to syntax box (line  
500 pdf).

Note that order of signing and encryption is dealt with in 6.3 with  
the Protection Order property and this property should also apply to  
attachments.

regards, Frederick

Frederick Hirsch
Nokia


On Feb 19, 2007, at 12:51 PM, ext Jan Alexander wrote:

> Frederick,
>
> Yes, that was exactly my issue. Uniformly protecting all  
> attachments sounds like a reasonable approach to me.
>
> I think it would help if you provide more detailed wording for your  
> proposal so that editors can just use it in the document when the  
> issue gets accepted by the TC.
>
> Thanks,
> --Jan
>
> -----Original Message-----
> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
> Sent: Monday, February 19, 2007 6:46 AM
> To: Jan Alexander
> Cc: Frederick Hirsch; ws-sx@lists.oasis-open.org; Greg Carpenter
> Subject: Re: [ws-sx] Issue PR020: Provide mechanism to specify  
> signing or encryption of SwA (SOAP Messages with Attachments)
>
> Jan
>
> Thank you for reviewing my proposal.
>
> The simplest case is to simply require all attachments to be signed/
> encrypted,  presumably sign first if both.
>
> I'm not sure how policy author would be able to state for individual
> attachments since cid's are probably not available at the time policy
> is written. Thus I'm not sure how to state meaningful policy at a
> granularity of individual attachment at policy writing time.
>
> regards, Frederick
>
> Frederick Hirsch
> Nokia
>
>
> On Feb 18, 2007, at 1:37 PM, ext Jan Alexander wrote:
>
>> Hi Frederick,
>>
>> I took an action item on the last TC call to look more into your
>> proposal below.
>>
>> In general, I agree with the proposed solution since message
>> attachments are generally considered as parts of the message.
>> However I wonder what is your proposal for identifying individual
>> attachments? Since WS-SP does not depend on WSDL and is WSDL
>> agnostic it is not clear to me how the attachment parts are
>> distinguished if there is more than one attached to the message so
>> that the individual attachments can be mapped to the respective
>> protection assertion "attachment" elements in the receiver's
>> security policy. Or is your proposal to uniformly protect all the
>> message attachments by using a single "attachment" element?
>>
>> Thanks,
>> --Jan
>>
>>
>> -----Original Message-----
>> From: Greg Carpenter [mailto:gregcarp@microsoft.com]
>> Sent: Monday, February 12, 2007 7:16 AM
>> To: ws-sx@lists.oasis-open.org
>> Cc: Frederick Hirsch
>> Subject: [ws-sx] Issue PR020: Provide mechanism to specify signing
>> or encryption of SwA (SOAP Messages with Attachments)
>>
>> Issue PR020
>>
>> -----Original Message-----
>> From: Frederick Hirsch [mailto:frederick.hirsch@nokia.com]
>> Sent: Sunday, February 11, 2007 8:09 AM
>> To: WS-SX OASIS
>> Cc: Hirsch Frederick; Carpenter Greg
>> Subject: [ws-sx] NEW Issue: Provide mechanism to specify signing or
>> encryption of SwA (SOAP Messages with Attachments)
>>
>> PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL
>> THE ISSUE IS ASSIGNED A NUMBER.
>>
>> The issues coordinators will notify the list when that has occurred.
>>
>> Protocol:  ws-securitypolicy
>> http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/ 
>> 21401/
>> ws-securitypolicy-1.2-spec-cd-01.pdf
>>
>> Artifact:  spec
>>
>> Type:  design
>> Title: No means to express need to secure SOAP Messages with
>> Attachments (SwA)
>>
>> Description:
>>
>> The current specification provides no mechanism to express the
>> requirement to secure SOAP Messages with Attachments (SwA).
>>
>> Related issues:
>> None.
>> Proposed Resolution:
>>
>> Add to sp:SignedParts and sp:EncryptedParts sp:SignedParts/Attachment
>> and sp:EncryptedParts/Attachment respectively.
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>

ws-securitypolicy-1.2-spec-ed-01-r12-pr020-proposal

ws-securitypolicy-1.2-spec-ed-01-r12-pr020-proposal.pdf

References:
- Issue PR020: Provide mechanism to specify signing or encryption ofSwA (SOAP Messages with Attachments)
  - From: Greg Carpenter <gregcarp@microsoft.com>
- RE: [ws-sx] Issue PR020: Provide mechanism to specify signing orencryption of SwA (SOAP Messages with Attachments)
  - From: Jan Alexander <janalex@microsoft.com>
- Re: [ws-sx] Issue PR020: Provide mechanism to specify signing or encryption of SwA (SOAP Messages with Attachments)
  - From: Frederick Hirsch <frederick.hirsch@nokia.com>
- RE: [ws-sx] Issue PR020: Provide mechanism to specify signing orencryption of SwA (SOAP Messages with Attachments)
  - From: Jan Alexander <janalex@microsoft.com>